Bitcoins and Gravy # 67 : Brain Wallets Explained! (Transcript)
Episode notes and comments page : https://letstalkbitcoin.com/blog/post/bitcoins-and-gravy-67-brain-wallets-explained
Professional transcription provided by a fan and consultant of the show, who can be found at http://www.diaryofafreelancetranscriptionist.com
John Barrett (Announcer and Host): Welcome to Bitcoins and Gravy, Episode #67. At the time of this recording, Bitcoins are trading at $240.00 dollars each, and everybody’s favorite, LTBCoins, are trading at $0.000087 U.S. dollars each. Mmm…Mmm…Mmm… Now THAT’S gravy!
John : Welcome to "Bitcoins and Gravy", and thanks for joining me today as I podcast from East Nashville, Tennessee, with my trusty Siberian Husky, Maxwell, right by my side. Say hello, Maxwell.
Maxwell : Grrrrr…..
John : We’re two Bitcoin enthusiasts who love talking about Bitcoins, and sharing what we learn with you, the listener. Long time listeners, thank you so much for listening, and thank you for your tips. New listeners, we hope you enjoy the show. Welcome. [0:55] On today's show I am THRILLED to be talking with Nick Pudar in Detroit, Michigan. Nick takes us on a journey to a place that very few people even know exists. That place is the “brain wallet”, where it is now possible to store a small, or a large, amount of Bitcoin wealth in your memory. Nick does a fantastic job of helping us understand the true dangers of Bitcoin brain wallets, and the true value of them as well. Join us please on this terrifying and exhilarating journey into the mind.
I also have a special treat for everyone today as I read the newest short fiction by the Bitcoin Community's favorite author of fiction, Max Hernandez. This short story, “The Song of Ashok”, is a short, but compelling, tale of the trials experienced by a young man trying to escape a war-torn country with his family’s wealth hidden in a song that he has memorized. And you guessed it, that song is a brain wallet!
John : All right, listeners. Today on the show I am THRILLED to welcome a “Braniac” - a gentleman who is going to tell us all about brain wallets - Nick Pudar, who is right now in Detroit, Michigan, if I am not mistaken. Nick, welcome to Bitcoins and Gravy.
Nick : Thanks John. It’s a pleasure to be on your show.
John : Oh thanks. You are in Detroit right now. Is that right?
Nick : Yes I am. Yup.
John : All right. How’s the weather there?
Nick : We are experiencing spring trying to arrive.
John : What’s the temperature there today?
Nick : I think it’s about 60 today. It was 84 last weekend, and who knows what it’s going to be this weekend. We might even have snow. Who knows.
John : [laughter] I hope not. But spring is definitely on its way. So Nick, I hesitate to say it, but are you a brain wallet expert?
Nick : Well, I’d hesitate to say that too. I’M still learning. I think everybody in this space is learning, but I’ve read a lot about it, and I actually USE brain wallets. Not for very much money. It’s very little. But I use it for, really, two reasons. One is it’s really a great intellectual challenge [which] keeps the mind active. Second, it represents personal freedom. And I think that those two reasons, and all of the learning that occurs as a result of understanding brain wallets [is] worth understanding.
John : Yeah, I first created a brain wallet in 2011, and it was such a trial, taking this person’s advice, and THAT person’s advice. Then thinking for a moment that I was going to learn LINUX and get involved in that world, and then backing out of that. And when I was finally finished, and I did finally create a brain wallet, I was so exhausted afterwards that I told myself that I was never going to do another one. But it’s still fascinating, of course, and for our listeners who WANT to create brain wallets, lead us on to victory here, Nick, and tell us about brain wallets. Maybe start with, “What IS a brain wallet?”
Nick : Yeah. I think, sort of, at the very simplest level a brain wallet is a way that a private key can be derived from something that you have memorized. That’s the very simplest way. So, in other words, based on something that you keep in your brain you’re able to generate your private key and then have access to your Bitcoins. That’s the simplest.
Now, one thing to keep in mind is that in the brain wallet world this thing you keep in your mind is known as a “brain wallet passphrase”. So I’ll be talking about a passphrase. And when it comes to brain wallets there are two truths. The first one is that they are FRAUGHT with danger, and you should never use them. And if you DO use them, you’re going to lose your coins. I mean, that’s number one. The second truth is that when used correctly brain wallets are VERY powerful, very safe, and very secure. But the problem is that they’re very hard to use correctly. So you have to REALLY understand what the dangers are, and a lot of experienced Bitcoiners out there basically adhere to Truth 1, which says, ”Don’t do it! Don’t do it!” But my objective is to help your listeners understand what the basics of brain wallets are, so that they know what’s necessary to us it correctly, and they know what all the dangers are. Then they can decide what’s right for them. For me, I said I use them for a very small amount of money, but it’s more for the intellectual challenge, and all of the learning that has emerged as a result of understanding all of these things.
John : I don’t know, Nick. This sounds too scary. I think we should stop the interview here. This just sounds too scary. I can’t go on. [laughter] No, well for people who have never heard or brain wallets, basically Nick is saying, “Do you want to store your Bitcoin somewhere other than a piece of paper, somewhere other than your computer, somewhere other than with one of these exchanges? You can store it in your BRAIN.” You can store your Bitcoin in your brain with a passphrase such as “Mary had a little lamb.” But don’t use that one, right?
Nick : Don’t use that one. We’ll talk about some of the dangers. But anything you can find online, or in a book, or anything that has been published [is] not a good password. Again, I’ll get into more of that later, because people think that if they find something really obscure, it’s good. I’ll talk about that later. But I want to cover what the fundamental basics are. A couple of these things might be known by your listeners, but I think the four build together to really give you a deep sense [of] why brain wallets are powerful, and why brain wallets need to be done correctly.
So the four elements are : understanding the relationship between a private key and a public address. That’s one. The second one is understanding this term “entropy”. So brain wallet guys keep talking about, “Do you have sufficient bits of entropy?” I’ll explain that as well.
John : Mmm…Hmm.
Nick : Then we know that in the Bitcoin world there’s lots of private keys out there. There’s lots of addresses, and people are concerned about “collisions”, “Will somebody accidentally stumble upon my address?” and all that sort of thing. These are big numbers, and I’ve come up with an analogy that works for me that will help give you a sense of how big these numbers really are. Then the last basic element is, sort of, “How do you go from a passphrase to a private key, and actually CREATE a brain wallet?” So I’d like to touch on those four basic components first, and then talk about the dangers.
John : Okay. Sounds good man.
Nick : All right. So first of all, I think a lot of folks know what private keys and public addresses are, and what you realize is that private keys are just random numbers. These are BIG numbers. They’re 256 bits long. That’s binary, and for those who like to think in decimals and engineering notation, that’s like approximately 10 to the 77th number of private addresses out there. Those private keys are converted into a public key using the Elliptical Curve Digital Signature math. It’s one-way process, and you can be secure that this public key can’t go backwards. You can’t go from the [public] key back to the private key. But then there’s ANOTHER step, where there’s a couple of hash functions applied that convert that public key into a public address. It’s an additional hash, and an additional encryption of the public key. Now the public key – and this is probably going into more detail than I intended to, and probably even UNDERSTAND properly – but the public key is used when you’re signing transactions. That’s all part of how Bitcoin works.
But the address that we see – that [is] on our smartphones, [and] that we publish to others to send money to – that’s a public address that is ultimately derived from a private key.
John : Mmm…Hmm.
Nick : And so that’s one component. The second component is this notion of entropy. Like “bits of entropy” is a phrase that you’ll probably hear a lot about. So in math terms – for those mathematicians that are out there – you basically take the number of possible combinations of something, and you take the “log base two” of that, and that’s how many bits of entropy you have. But let me give you a much simpler description. So take a single die from a dice from Las Vegas. It has six sides, right?
John : Mmm…Hmm.
Nick : So when you roll that dice you have six possible outcomes, right? So if you write that number six in binary – which happens to be “one – one - zero” – you’ll see that you have three bits of information that are necessary to encode that many possible outcomes.
John : Mmm…Hmm.
Nick : So a single die has three bits of entropy. If you take TWO dice there are 36 possible combinations. The when you write that in binary, I think it’s “one.. zero… zero… one… zero… zero”, that’s SIX bits of entropy. And if you continue to do this with ten dice you get 26 bits of entropy, and you need a lot of possible combinations of things to get a lot of entropy. When we talk about brain wallets and passphrases, the objective is to have a passphrase that has sufficient entropy built into it. It’s so long, and complicated, and random, that there’s a lot of bits of entropy. Again, we’ll touch on that. So far, so good?
John : Yeah. So you’re basically saying [that] you want listeners – if they’re going to create a brain wallet – they want a passphrase that cannot be broken, [or] figured out, [or] guessed by any human or any COMPUTER in existence.
Nick : I think you said it perfectly. You do not want a computer to be able to guess something, NOT because they CAN’T guess it, but because there are so many possible combinations to have to TRY to guess that it is completely unfeasible that it will be guessed.
So that’s an important piece. And again, in a moment that will connect up to how you CREATE a passphrase, and how you measure the goodness of one.
John : Okay.
Nick : So then there’s this issue of these really big numbers. All right? So these big numbers are sometimes hard to understand, and having a good analogy is important for me, personally, to understand it. And, as we said earlier, about going from private keys to public addresses. There are actually 2 to the 160th possible unique public addresses. Now, that doesn’t actually sound like a big number, 160. But 2 to the 160th, How big IS that? Well, it turns out that it’s actually pretty big. Now a lot of the analogies that I’ve seen before, it’s hard for me to get a sense of proportion, because a lot of these analogies have been very linear.
John : Mmm…Hmm.
Nick : I am more visual kind of guy, and I ask myself, “Is there a good physical volume analogy? What might that be?” So this is what I came up with, and I hope it helps people get a sense of perspective.
So I said, “Well, imagine a single, small drop of water. How much water would be equivalent to 2 to the 160th drops?” So my first thought was, “Well, what about all the water on earth?” So when I used Wolfram Alpha – thank you Stephen Wolfram – I calculated that that’s not even coming close. I mean, that’s only 2 to the 85ths drops of water.
John : Wow.
Nick : So my NEXT that was, “All right. Well, that’s just the waters on the SURFACE of the earth. What about a water balloon the SIZE of the earth. How many drops is that?” It turns out that’s not even close either. That’s like 2 to the 95th drops.
John : Hmm.
Nick : So I’m getting a little frustrated. So I said, “Oh, all right. What about Jupiter? The planet Jupiter. A water balloon the size of Jupiter?” Because I remember reading someplace, earlier, that you can fit 1300-some earths inside of Jupiter. Surely, a water balloon the size of Jupiter should be good. Well, we’re getting a little closer. It’s only 2 to the 105th. So, then – I don’t want to keep this silly analogy going – so I said, “How many Jupiter water balloons do I need to have 2 to the 160th drops of water.”
The answer is astonishing. You need 50 million BILLION Jupiter water balloons to have 2 to the 160th drops of water.
John : Whoa! 50 million, billion Jupiter water balloons. [laughter] I love it.
Nick : Yup. That’s 2 to the 160th drops of water. But here’s the most mind-blowing thing of all. I said, “Well, how many Bitcoin [public] addresses have ever been used?” And I tried scouring this online, and the best I could find - where some guys have done some blockchain analysis and they’re saying there’s like two and a half to three million of these things. And so I said, “Well how much is two and a half to three million drops of water?” That’s about the size of a single bathtub.
John : Wow.
Nick : All right? The way in which Bitcoin addresses are generated, they’re equivalent to random numbers. So these bathtubs full of drops of water are actually scattered randomly amongst the 50 million billion Jupiter water balloons. So the odds of somebody finding one, and finding one with Bitcoin in it is – well, it’s [unfeasible?].
So, that’s the amazing thing. And that actually brings us to the last basic element that’s actually very important to understand.
John : Okay. Before you get to that last basic element, I think I’ve changed the name of the band I’m trying to put together. Instead of calling Satoshi, I want to call it “Jupiter Water Balloon”. [laughter]
Nick : [laughter] Well, I’m honored.
John : All right. Hey, by the way I love that analogy. That really does give a great picture of it, in the bathtub and everything. That was fantastic.
Nick : Oh, thanks. So the last element is, sort of, “How does a passphrase become a private key?” And so, basically, a private key is 256 bits long, so we need some method of converting ANY passphrase into a random, 256-bit number. The standard approach that the brain wallet world uses is this thing called the SHA-256 hash function.
So it’s a mathematical formula that basically takes input of ANY size. It can be a word. It can be a sentence. It can be the contents of a book. It could be whatever you want. And it will generate a random, 256-bit output. And there are some wonderful properties that SHA-256 has. The properties include : the same input will always give you the same output. So that’s important, because your brain wallet will generate the same private key. The output is indistinguishable from random, which means that if I take a 50 page tome of original prose that I wrote, and I enter that as my passphrase, if I just change one comma to a period the SHA-256 looks indistinguishable from the first one, and indistinguishable from random. So that’s an important property.
John : Mmm…Hmm.
Nick : Then another thing is [that] it’s impossible to go backwards. So you can’t go from a random number to figure out what the passphrase was. Then the most important feature is that it’s very “collision resistant”. In other words, I cannot find two passphrases that generate the same private key. [15:07]
So all those things are essential components of mechanisms that convert passphrases to private keys. There are OTHER methods out there, but SHA-256 is actually a very, very good one.
John : Okay.
Nick : So, now that we have the basics, what does it take to create a brain wallet? Well, there’s actually a couple of great web sites that I’ve used to play with brain wallets. One is http://www.bitaddress.org , and another one is http://www.bitcoinpaperwallet.com , and actually the latter one allows you to view BIP-38 encryption of your private keys. And if you really want to do this for real - you can PLAY with these online, just as learning - but if you actually want to do a REAL brain wallet, you’re probably going to want to follow the standard security processes of getting the GitHub HTML code, and run it on a computer that’s not connected, and all of that kind of stuff. But the most important thing you [need to do] is to have a passphrase that’s truly random, and has a LOT of entropy. So people – humans - are very, very bad at creating random passphrases.
John : Mmm…Hmm.
Nick : People think they’re clever? They’re NOT clever. All right? So, as we talked about, passphrases have to have sufficient bits of entropy. And it turns out that [there is] debate about how many bits is necessary. Some people say that you need to have more than 100 bits of entropy - which remember, that’s a lot of water on Jupiter. And others are saying you’ve got to have more than 140. I’m in the camp that it should be more than 140. Now, there’s a really good way to generate a truly random passphrase that you can memorize. There’s a technique called Diceware. If you look this up online you’ll see that you can take a single die, or a group of dice, and roll them to generate random numbers, and then these random numbers will select words out of a predefined dictionary of 7,776 words. Then what you have is a series of words that are random, that nobody can guess, has lots of bits of entropy, and you can use that as a passphrase. [17:01] So, there’s a debate about how many words do you need to memorize for a really good passphrase? Some people say for brain wallets you probably need eight. I personally think you need ten. So those are the basics. Now I want to shock you, and scare you, with all the things that are bad.
John : [laughter]
Nick : Because there is some danger here if you don’t do it correctly. So, the first one is about weak passphrases. So what I just described with Diceware, that’s a way to generate truly random, sufficiently high bits of entropy passphrases. But a WEAK passphrase happens when people are confused with how random something looks, with how random the output is. So if your input is not big enough, then the number of possible SHA-256 hashes that it generates is not big enough EITHER, and an attacker can try a brute-force attack on known passwords. And actually, attackers have these things that they use that are called “rainbow tables”.
A “rainbow table” is basically a big dictionary of passwords and passphrases that people use… You remember the target hack that occurred, and all that was stolen was a bunch of passwords?
John : Yeah.
Nick : Well, I’m pretty sure those passwords made their way into rainbow tables. So [all the hacker needs] to do is try a passphrase, run SHA-256, generate the corresponding public address, check to see if there’s any Bitcoin in it, and if there is, sweep it out. And so there are bots that are running out there. There [are] algorithms that are running in the background that are just randomly trying different passphrases, and I’m saying they’re trying obvious WEAK passphrases, and they are generating addresses, and seeing if there’s anything there.
John : So it’s fair to say that there are people here on the planet that are sitting in their basement – probably their parent’s basements, smoking weed all day long – and they’re just trying to guess passphrases with the idea that maybe they’ll come upon a passphrase that is a Bitcoin wallet that has a bunch of Bitcoin in it, right?
Nick : Yeah. That’s right. That’s what they’ll try. People are working on this kind of thing. And then you’ve probably seen the famous XKCD comic that tries to explain strength of passwords, and so forth, as the “correct horse battery staple”. Well, those are four random words, but once they’re online and on the internet, that is no longer secure. As a matter of fact, if you send a few milli-bits to “correct horse battery staple” brain wallet, it will been gone in a few minutes.
John : Right.
Nick : So that’s one thing. But then the other thing is that people think they’re going to be cute. They’re going to try this fancy word called obfuscation. So instead of using the word “password”, they’re going to say, “Oh, I’m going to use “p & $$ w 0 r d”. It looks like a password, but it’s NOT “password” and nobody is going to be clever enough to think of that but me.” Well, do not think that you’re smarter than the hackers, because all of these obfuscations [are] already in the rainbow tables. [20:03] So if you believe that you’re come up with some brilliant obfuscation, remember [that] there are BILLIONS of people on earth, and someone will probably think of that same brilliant idea. I used to THINK that I could be brilliant in this regard. I don’t think that anymore.
John : Well, also though, isn’t it possible to use words that don’t exist at all? A long word; something like “super-cala-fragilistic-expialodocious”? Of course, I would not recommend THAT one. But if you had a single word that was that long, and let’s say it was 30 separate characters long, and you had a couple of underlines in there, it seems that THAT might work.
Nick : That could. If you’ve got [a] sufficient number of characters, where you’re using capital, lowercase, special characters - and you have enough of those things, and they’re truly random – then you’ve got a chance of having something that has sufficient entropy. Then the other problem is [that] REMEMBERING it is a problem.
John : Right.
Nick : That’s actually the NEXT thing that’s a danger, and that’s FORGETTING something. This is obvious. If we don’t keep it fresh in our minds, you’re going to forget it. As we get older we’re going to forget stuff.
John : Mmm…Hmm.
Nick : So what some people believe they need to do is create some physical documentation of their brain wallet passphrase, and keep it deeply hidden. And while that’s not in the spirit of true brain wallet - because a true brain wallet is only in your brain - it might be a prudent thing to do to just provide yourself with some of that backup.
John : Absolutely.
Nick : Of course, you touched on this other one, which is the known content danger. So just because any long passphrase can be hashed does not make it a GOOD passphrase, because even though the SHA-256 hash of that passphrase LOOKS random, it may not be random. So people think, “Well, I’m going to take a paragraph from some obscure book.” Or, “I’m going to take every third word from the bible.” Or, “I’m going to take every Nth word which is represented by the Fibonacci series of some other book.”
John : Mmm…Hmm.
Nick : Well, you know what? Eventually these things are going to get programmed by these bots, and I wouldn’t try that. My STRONG advice is [that] if you’re going to use brain wallets, you’re passphrases have to be BIG, which means lots of bits of entropy, and they have to be random.
Then there’s the last one, the last danger. That’s incapacitation or death. So what’s your plan for your family? So there’s been some discussions that I’ve read online where people are talking about these “automated dead drops”, where if something happens somebody gets alerted to do something, and it triggers some documentation revealed to family members. I also believe that as smart contracts continue to emerge there will be “smart wills” [where] we can have scripts attached to my money so that in the event that I DO die – and it’s provable somehow – that the money is appropriately dealt with.
John : Yeah.
Nick : But given that I just play with this stuff with very tiny sums, I’m not worried about this. For me it’s more of a learning, and exploration, and intellectual challenge aspect.
John : Right, but it’s important to THINK about.
Nick : Oh yeah. Absolutely. You have to think about that.
John : That’s the same thing if you have – I don’t mean to offend anybody – but if you’re dumb enough to have your gold hidden in your backyard. It’s the same thing. If you die [and] no one else knows about it it’s probably going to stay there forever. No one’s going to get it, and you might want your family to have it.
Nick : Yeah. Actually that’s a great analogy, the physical gold, because if I can extend that a bit, with your permission, I would say, “I have buried some gold SOMEPLACE on earth, and I know where it is and nobody else knows where it is, so I’ve got a good gold brain wallet.” So what happens if you die? What happens if you forget, and the only thing you had to remember was the “lat and long” of your GPS. Right? Well, you may not remember.
John : Yeah. Exactly. I think there is ANOTHER danger. I don’t know if you were going to touch on this or not, and it’s : in the future, if in the future everybody knows that everybody else has a brain wallet. Well, it’s not that hard for somebody to capture you, and beat the – [laughter] How many smacks with a baseball bat up against your leg before you’d release your brain wallet info? For me it would probably be one smack. You know, “You can take my 0.2 Bitcoin” [laughter].
Nick : Well there’s also the possibility of brain damage with that first smack, so you never know.
John : Yeah, exactly. Well that’s why they start out with your feet, or whatever. But that definitely IS a danger in the future. There’s also people [talking] about [how] you can access your car in the future, or your house, with a thumbprint. That’s ridiculous. Don’t you want to make it that it can only access it with a LIVING thumbprint, as opposed to the thumb that they cut off, and take over to your house, and use that. We’ve seen things like that in movies. There was one with Sean Penn [where] the guy takes the guy up on the top of the roof, and in this freezer they have up there – I think they’re keeping beers in the refrigerator – but in the freezer they have these hands that they cut off of somebody, [and] that they’re using for these crimes - for the fingerprints for all these crimes they commit. But anyway, crazy stuff. But yeah, so the dangers sound very real for brain wallets.
Nick : The dangers DO sound real. And again, I personally don’t have hardly anything in a brain wallet. I’m doing it for learning purposes. But If I DID then what I would want to do is have ANOTHER brain wallet with just some trace elements in there so that that’s what I divulge, as sort of a deniability thing. But now you’ve got to remember TWO different random high entropy passphrases, and it begins to get out of hand.
John : Right.
Nick : Well, I would say there’s one additional topic – and I don’t know that this is advanced brain wallet thought process – but it’s something I’ve been thinking about, and I’ve seen some elements of it written. And that’s this notion of a deterministic SERIES of brain wallets. So starting with one high-entropy, memorized, random passphrase you generate a private key. Then you add some salt to that private key – salt is some ADDITIONAL passphrase element that you can add to it – and then take the SHA-256 of THAT to generate ANOTHER private key. So now you can think of being able to create a deterministic string of private keys that you eventually regenerate all from the first brain wallet. But for those kinds of things I’d stick with some of the standard BIP-39 processes that have these passphrases that allow you to create these hierarchical deterministic wallets.
So there’s techniques that are focused on HD wallets that I think MAY someday provide some better flexibility for brain wallets.
John : Yeah. That’s fascinating stuff. I remember when I was first trying to get a brain wallet, and trying to figure out, “Okay. What kind of phrase do I want to use?” I came up with a phrase that I feel is random and crazy, and all these little characters, but that’s pretty easy for me to remember. But can you give a mock example of a brain wallet that someone can actually use that YOU would consider safe. Obviously you’re not going to give us a real brain wallet one, and obviously whoever here’s this is not going to be USING it after this – I would hope not – but, yeah, just an example.
Nick : All right. “Chair plug window kumquat four-of-hearts second-hand magic pencil”, and I would also, in that sequence, use appropriate capitalization and alternating other things. And so that is a series of words that I try to rattle off randomly, and probably wouldn’t be guessed.
But back to the principles of what makes a very strong passphrase : it’s got to be random, and it’s got to be original – if it’s going to be a unique thing that’s only known to you – and it’s got to be long, so that it cannot be guessed through brute force. So I think that, kind of, brings us back to the original two truths that we started with, which is, number one, don’t use brain wallets because they’re very dangerous, and you’re going to lose your money. And the second truth is [that] they are VERY powerful when used correctly.
John : Yes.
Nick : So you really have to decide whether it’s right for you, whether it’s part of your storage solution, whether it’s part of your family solution. But again, as I said, my own personal learning that has occurred in the exploration of brain wallets has been fascinating. It’s been excellent. I’ve had to find answers to questions that were in my mind that I would never have stumbled upon those aspects of Bitcoin had I not gone searching for these obscure things.
So it’s a fascinating topic. It’s a dangerous topic. But it’s one that we need to understand.
John : I agree. Okay, so let’s say that somebody [has] their family wealth, and they have to leave the country quickly. They know they have 24 hours before they’re going to be on a plane, and in another country, but they know they can’t take their wealth with them. But they’re able to convert their wealth into Bitcoin. They DO that. Then they want to store it on a brain wallet so that they can enter that new country with all of that wealth – let’s say it’s $100,000 – and they have all of their wealth in their brain wallet. So they have to do this pretty quickly. They have 24 hours to do this, and let’s say they have their Bitcoin in a paper wallet. How are they going to get that from the paper wallet into the brain wallet in 24 hours?
So maybe they’d want to start with Bitaddress.org, as I did. Obviously you don’t want to be generating that while your computer is online. Now, why do you not want to do that? Is that because you’re afraid of key-loggers? Are you afraid of trojans in your computer that are watching your every move? What is the reason why you would want to generate your brain wallet from an offline computer? And how do you do that?
John : Let’s back up one second. So you want to copy the HTML code. Where are you copying that? Are you copying that onto a thumb drive?
John : How do you know when you are copying that HTML code, and putting it onto your thumb drive, that in that process – because you’re still on an online computer – something bad isn’t happening in THAT process, something that’s going to compromise your thumb drive, let’s say?
Nick : Because this is access from the GitHub repository, they provide you with the digital signatures of the file that you’re downloading so you can check to see – after you’ve moved it to your disconnected computer – whether the file generates the same signature.
So, I’m not personally very skilled at doing that, and because I’m not playing with any serious money, that has [not] been a big concern for me. But if I ever WAS to do that I would figure out how to do that validation as step one. Now back to your analogy. [For] an example of how a person [would do] this quickly, I would also use a random, large passphrase and spend the time that I had memorizing that passphrase, and keeping it fresh in my mind, and maybe taking - say, 10 random words - and building a little MELODY of those 10 random words. I would even teach my FAMILY members who travel with me to keep the 10 random words in our minds.
John : Mmm…Hmm.
Nick : So then the question of how you get your paper wallet is [that] you use either your Mycelium app on your phone, or your Circle app, or whatever app you use, or your hardware wallets, or Armory or other wallet management systems, and basically sweep your paper wallet and transfer all that into the private key that is associated with your passphrase. That’s it. Now it’s in your brain, and [you have] access [to it] no matter where you travel.
John : Now how would you get it to your private key? You create your passphrase that you’re going to memorize – your brain wallet – [and] when you put that into http://www.bitaddress.org that’s going to [basically] generate a key pair.
Nick : It’s going to give you a private key AND your public address. Then you sweep your paper wallet into whatever wallet system you use to sign transactions. Then you send it to that address that’s generated from your passphrase.
John : Using your offline computer, when you create this Bitcoin brain wallet, I assume that when it gives you the private and public [keys] it would also give you a QR code? Because otherwise how can you get it to your private key without TYPING IN somewhere the entire private key - when you say “Sweep it.”
Nick : Yeah. You’re right. It DOES generate a QR code for you. It also gives you the hex representation, as well, that you can type in manually. But you indeed DO get QR codes that you can use to send to.
John : Okay. So you’d basically be sending it TO that brain wallet FROM your paper wallet, or from wherever you had it. You could have it online, [or] you could have it somewhere else. You could have it in an EXCHANGE, maybe, which is not the best idea OBVIOUSLY, if it was your family wealth. So yeah, you sweep it there to the brain wallet, [and] you have it in the brain wallet, and then I leave the country and feel safe. [Then] an hour later they storm my house [laughter] and they ransack it, torch it, and raise it, and they burn it to the ground.
Nick : And there’s NOTHING there.
John : Those BASTARDS! After they’ve thoroughly searched [they say], “Sergeant, there’s nothing her. We’ve found nothing!” [Meanwhile] I’m on the flight with my family, and then I land in – wherever it is, [like] Istanbul – and I have to RETRIEVE that money in some way, using my brain wallet. But let’s say that I wasn’t able to bring a COMPUTER with me, and I wasn’t able to bring a SMARTPHONE with me. I’ve [now] got to find some kind of internet café, and then the difficult thing is, “Okay, wait. I don’t want to dump all of this to sweep all of this $100,000 worth of Bitcoins from my brain wallet in an internet café in Istanbul.” What am I going to do? How can I get that $100,000, and how can I get it back in small pieces if I choose to, or get it back all at once, and safely put it somewhere else? I know these are crazy, complicated questions, [and] it’s a crazy, complicated scenario, but I sure don’t have the answers.
Nick : Yeah. Well in THAT case I think the primary objective of this scenario was to get the hell out of the country, and so now that I AM out safely, with the money in a brain wallet, I would take the necessary time to ACQUIRE a smartphone, and get an app like Mycelium that I could then find an internet access point I could TRUST to put the money in. Or if I get my hands on a hardware wallet, like Trezor ( https://www.bitcointrezor.com/ ), or other devices, I can pull that into that device as well. So the interesting thing about the question that you asked was, “If I only had 24 hours to do that?” Well, it turns out that your listeners have a LOT more than 24 hours to do that.
John : Huh, we HOPE so [laughter].
Nick : Yeah. But the issue is that you can PLAY with this NOW, [and] actually not even put ANY money into it. Just play with it now [by going to] Diceware (http://world.std.com/~reinhold/diceware.html ) - the site that has Diceware on it – [and] generate 10 random words, memorize those words, and keep them in your brain. The way that I keep a 10-word passphrase in my brain [is] when I do exercise. [When] I’m doing reps with a set of weights. Instead of COUNTING from one to ten, I mentally say the words to myself so that I don’t forget them. If I’m walking I count the words as I’m walking. There are MANY opportunities through the course of your day where your brain is not doing anything, You might as well have it remember its passphrase so that if you DO have [only] 24 hours to get out of the country then the passphrase is there. Then it’s just a matter of putting the money into it.
John : Right, the passphrase is there. It’s a matter of getting the money into it, but you’re STILL going to have to get to a computer, right?
Nick : Yes. That’s correct.
John : Right, because you CAN’T actually send [Bitcoin] from a Mycelium wallet – or ANY wallet – to a passphrase. So now let’s say you DO take your time, and things are going well, and you’ve got a little bit of money to get a smartphone, or Mycelium wallet, or you get to a computer that you trust there in Istanbul, and you want to retrieve your Bitcoin FROM the brain wallet, and all you have is the passphrase, you still have to get to a computer of some sort that can do this by way of the SHA-256, right?
Nick : That’s right. So access to http://www.bitaddress.org/ or https://bitcoinpaperwallet.com/ will provide you everything that you NEED to generate the public address and private key, so that you can then use another device – like a hardware wallet or a smartphone – to have access to that.
John : I remember that’s what I DID after I had CREATED this Bitcoin wallet – the very first one I think I sent like 50 cents worth of Bitcoin to it. I wanted to know if it WORKED or not. That was my main objective. So what did I do? I went back online – I had done everything offline – to http://www.bitaddress.org/ and put that in, and lo and behold it gave me a private and public key, and that’s where the Bitcoin was. [So] I thought, “Wow, success! This is so cool!” So I proved to myself that the brain wallet actually worked, and it DID really feel – knowing that I had SUCCEEDED in storing a small amount of Bitcoin in a brain wallet, and then RETREVING that Bitcoin FROM the brain wallet – it was really quite thrilling. For the first time in my life I felt like James Bond [laughter].
Nick : [laughter] That’s great.
John : The OLD James Bond. Not the new guy who’s rough and ready and mean, and never smiles [or] cracks a joke, and is actually pathetic.
Nick : Well hopefully there will be some brain wallets and Bitcoins in the next Bond movie.
John : That would be so cool. I think we’re going to start seeing this in movies - Bitcoins and digital currencies – [and] that’s going to be pretty exciting to see. But this is fascinating stuff. I know that for any listener who is listening who has never heard of a brain wallet before, they are probably sitting back, with their brains [melting, or exploding] or something. They have no idea what we’re [talking about]. Still they’re like, “I can’t even believe this is possible.” But then for listeners who have been WONDERING about it, and always wanted to TRY it, I think there are going to be people listening to this episode and then going to http://www.bitaddress.org/ , or wherever, and trying it. The OTHER thing that I remember when I was first creating that brain wallet was my FEAR that as I copied that HTML code onto a thumb drive and took it to a different computer offline, my fear was that it wasn’t REALLY http://www.bitaddress.org/. Because I don’t have the technical prowess, [or] knowledge, to be able to verify that, “Yes, this comes from GitHub, and yes this is real.” How did I know it wasn’t just a web site where instead of RANDOM numbers being generated it was actually just generating key pairs that were already in a database, right?
Nick : Yeah.
John : And it would generate – let’s say over the next five years – MILLIONS of them, you know? Then, when the person decided, “Hey, I think it’s about time now.”, they’d just cash it all in, because they’d already have those in the database. So that was MY fear, trusting that Bitadress.org was really GIVING me, offline, RANDOM numbers, as opposed to just drawing from this dataset.
Nick : well, there IS a way you can TEST that. Actually, I forgot to mention this. This is one of the things that I did to validate to myself, even though I didn’t go do the full digital signature validation. You can find LOT’S of online SHA-256 calculators, where you just put in a passphrase, and it generates the output. What I did was just went to Bitaddress.org, and also Bitcoinpaperwallet.com, and to the SHA-256 calculator, and I tried ALL THREE of them with a series of different passphrases to see whether all three of them generated the same random output. I did a bunch of gibberish that I copied and pasted across all three, and every single one of them generated the SAME output. So that [kind of gave me] more trust in them.
John : Hmm.
Nick : But as I said, if I was going to do this for some serious money I would actually go and figure out how to do the full digital signature validation process as well.
John : Yeah, you’d have to really. If it was your family wealth you’d be crazy not to. So yeah, this is exciting stuff. Listeners, you can create your own brain wallet today, and if you want to you can leave it empty, right?
Nick : That’s right.
John : Keep your brain wallet empty for a rainy day, in case you need it. Or put $5 or $10 there, and then you can go online to blockchain.info, [where] you can check that Bitcoin address, and say, “Yeah. This week, next week, and the week after, my $10 in Bitcoin is still there, right in that wallet.” Right?
Nick : Yup.
John : So yeah, this is exciting stuff. Nick, thanks so much for taking time to be on Bitcoins and Gravy, and to talk about brain wallets. Can you give us some closing words?
Nick : At its simplest level a brain wallet is a way in which you can derive a private key from stuff that ONLY YOU know. [That is], it’s safely tucked away in your brain. And as I said early on, the two truths about brain wallets are that, number one ; they are fraught with danger and you shouldn’t use the, and, number two : they are REALLY powerful, and if you use them correctly they are very safe and secure.
John : [laughter]
Nick : So, it provides not only intellectual challenge and a great learning opportunity, but it also is personal freedom in the long run. I think it is worth knowing how to use, and just being aware of it, so that if and when the time comes you have that at your disposal.
John : Man, I love it. That is great stuff. I think this has been the best explanation for brain wallets that I have heard, ever. And I think that, Nick Pudar, you should write the definitive handbook on creating Bitcoin brain wallets. I would not be surprised if you sold them like hotcakes. Hey, if you create them, I’ll sell them like hotcakes on Bitcoins and Gravy for 10% [laughter].
Nick : [laughter] Just send me your public address.
John : There you go. It’s as easy as that. Hey Nick, thank you so much for being on the show, and for taking time to explain all of this to us. This is great stuff, man.
Nick : It was my pleasure, John. Thanks so much.
John : Yeah. You take care, [and] say “Hey!” to Detroit for me.
Nick : Thank you very much. And again, I’ve got to tell you, the first time you said you were going to have somebody to talk about brain wallets my reaction was, “Awesome! I can’t wait for that one!” [laughter].
John : [laughter] Thanks a million, Nick. Take care, man.
Nick : Bye.
John : All right. Bye.
[background music accompanying book excerpt reading]
Nick : “The Song of Ashok” by Max Hernandez…”Ashok squatted in the early morning sun, surrounded by indifferent strangers. Rocking back and forth on his heels, he hummed under his breath. In his mind he matched words to the melody, touching each in turn to comfort his soul. Together they were his family, and his wealth”…
… “And soon he knew they would be his survival. In front of him a dirt road cut across his field of vision like a line in the sand. Beyond it, marked only by a fetid stream, was the border. And on the other side of that, a fenced camp. The Red Cross would be there with clean water and rice gruel. For a boy who hadn’t eaten for five days such things were miracles. Perhaps he would EVEN get to wash, but not leave. If he crossed the border they would make him stay in that camp, locked behind a fence as if he had committed a crime. Still, the world outside would be free, and he could have visitors. That would be good enough for his plans. On THIS side of the creek no one stopped him from crossing. In fact, there wasn’t a soldier in sight. It was too early. But if he wanted to get into that camp he would have to wait for them. Only they could issue exit visas, and without one the guards on the other side would only drive him back.
So he shifted his position and waited in the growing heat and flies; a tall weed in a grown man’s jacket. He tried to ignore the throbbing infection in his arm, and the cramping in his abdomen. Fortunately, the piece of canvas that he had wrapped around his waist to hide his nakedness could easily be pulled aside to avoid soiling himself. The coat and shirt were his only garments. Not long ago he had also worn shoes. They had been too large and hard to walk in, but they did protect his feet. Yesterday, someone bigger had claimed a greater need, so now he walked barefoot. He once had dollars, too, and a gold chain. When they left his village his mother gave him both to carry in secret. But they were gone now, like his original clothes, taken during one of the beatings he had occasionally received over the past two weeks. The chain had been hidden where no one should ever had found it. But his attackers had probed him deeply, and taken everything but his dysentery.
And his song. They had left him with that because he had never mentioned that he had it; not even when they hit him. His father had taught him well. It helped that they didn’t try very hard. Why SHOULD they? How could they know of the wealth that a small boy could keep hidden in his mind. His father had forged the words, and his mother had put them to melody. Only a few dozen lines, it spoke of his family, his home, and hope. Some pieces had small value, but others could buy him the world. When he wrote a part of it on paper he always did it the same way, without punctuation or capitalization.
If he wrote only a single line he always ended it in exactly the same place. Written like that each verse looked like a small thing, but in his mind, viewed together, the song had grandeur, scope, and deep emotional meaning. It was the symphony of his salvation; the memory of his mother singing it as she baked bread, or his father trading its lines with him as they sat alone in his office hiding from the midday heat. Now it might be the only thing he would ever have to remind him of the love that once bound them together.
He lost track of his mother and two younger sisters sometime after his first beating. One minute they were there – a constant part of his world – and then they were gone; spirited away in the dark, taken from his mind’s eye without him even noticing the event. Not so, his father. They took him during the business day when the sun was high, and everyone rested in the shade. It was just a tax matter, they said, “He would be back that evening.” But he never returned. Three days later the killing started. Shortly after that his mother made them leave. His father had been a tall man; think, and tough, and smart – a merchant. He was wealthy by local standards. When things began to go bad he composed the words, and made Ashok memorize them. Then he taught the boy how to use them, and made him understand how critical it was to never talk of them to anyone. Known only to his father, his mother, and himself, they must always remain a secret. Always.
Because the song was a powerful genie living to serve the family - willing to work tirelessly for him, his sisters, and his parents – if anyone else even SUSPECTED its existence, the magic would leave forever. Later this morning he would probably be allowed to cross. If so, then tomorrow he would find a way to get online. There he would break off a small piece of his song, and use it to put a coded message in the blockchain. Like a homing pigeon it would fly across the world to every node, shouting in a voice that only a singer of his song could understand. “Ashok lives!” it would say to his family. “Tell me where you are, and I will come for you.”
Then he would break off another piece and turn it into money for fresh vegetables, and a doctor to tend his arm. Next week he would have a cool place to sleep, maybe not in a soft bed, but at least out of the dust. And most importantly, he would have investigators working for him, paid to look for his family. After tomorrow he would have whatever he needed, because even in a refugee camp a boy with money is more than just a boy.”… And the author’s note from Max Hernandez : “Bitcoin has a provision for storing private keys In the form of easily memorizable phrases. Everything about it, including punctuation, spacing and capitalization must be exactly the same EACH time it is used. These phrases can be strung together to make a multi-key mental wallet, taking advantage of the use of rhyme and music to make the individual phrases easy to remember.
By memorizing such a wallet a person could transport wealth in the form of Bitcoin ANYWHERE, and be able to access only a PART of it without having to worry about theft of the rest. In the Bitcoin world, these phrases – or COLLECTIONS of phrases – are called “brain wallets”. A brain wallet phrase can also be used to embed an encrypted message in the blockchain. Then anyone, anywhere can read it as long has access to a Bitcoin node, and the private key to decode it. Ashok plans to contact any surviving members of his family by posting this kind of message. The idea of memory systems, such as brain wallets, has been around longer than crypto-currencies, or even computers. Code poems were used during World War II to allow allied agents to communicate with London from inside occupied Europe. There is an interesting description of how they worked in the excellent autobiography, “Between Silk and Cyanide” by Leo Marks. I recommend it to anyone who is interested in the subject, as well as an excellent description of the more modern Bitcoin version by James D’Angelo.”
Listeners, that’s it. And for that description by James D’Angelo please check out the show notes on Let’s Talk Bitcoin (https://letstalkbitcoin.com/blog/post/bitcoins-and-gravy-67-brain-wallets-explained ), or on my web site : ( http://www.bitcoinsandgravy.com ) . Thank you, Max Hernandez, so much. Any listener out there who has NOT read the writings of Max Hernandez, I HIGHLY recommend his novel “Thieves Emporium” (http://www.amazon.com/Thieves-Emporium-The-New-Badlands/dp/0988703009 ), which will knock your socks off, and it is riveting. You will not be able to put it down. It’s very easy to find on Amazon.com. And, listeners, if you would like to TALK with Max Hernandez, it’s very easy. Just go to the “comments” section for this episode, #67, of Bitcoins and Gravy there are Let’s Talk Bitcoin. I am sure Max would be thrilled to hear your comments about his story, and to answer any questions you may have. Max Hernandez, thank you so much once again, sir. [background music concludes] [public service announcement music begins]
Hey podcast listeners! I’m Kerry, and I’m here to tell you about something really powerful that’s happening. Nepal recently suffered a TRAGIC earthquake, thousands of lives were lost, and people around the world are wanting to help. Fortunately, Red Cross has opened a Bitcoin wallet with Changetip, and is now accepting Bitcoin donations. IN just a matter of days THOUSANDS of dollars have poured into this account, turning Bitcoins into food and supplies for those in need. With Changetip we can send Bitcoins through Twitter, and use our social platforms to build momentum towards giving. We can give ANY amount, no matter how small, and together it really adds up.
So, to open an account go to https://www.changetip.com . There you can buy Bitcoins or transfer from your Bitcoin wallet. Start giving, and if you want, redirect the gifts people give YOU to go to Red Cross. Let’s use these amazing tools we’ve created to pull each other up and show the world the value of Bitcoin through generosity. [public service announcement music ends]
John : I know that it may sound completely and utterly absurd, but I have for you a magic word. And today the magic word is “brain”, as in the sentence, “When I first heard about brain wallets my BRAIN nearly exploded.” [music and lyrics to “Ode to Satoshi” song] http://bitcoinsandgravy.com/ode-to-satoshi-the-official-bitcoin-song
John Barrett : Now climb aboard y’all! This train is bound for glory… and there’s plenty of room for all…
“Well Satoshi Nakamoto, that's a name I love to say, And we don't know much about him, but he came to save the day. When he wrote about the way things are, And the way things ought to be, He gave us all a protocol this world had never seen.
Oh Bitcoin! As you're going into the old blockchain, Oh Bitcoin! I know you're going to reign, gonna’ reign, Till everybody knows, everybody knows, Till everybody knows your name.
Down the road it will be told about the Death of Old Mount Gox, About traders trading alter coins, and miners mining blocks. But them good old boys back in Illinois, And on down through Tennessee, See they don't care to be a millionaire, They're just wanting to be free.
Oh Bitcoin! As you're going into the old Blockchain, Oh Bitcoin! I know you're going to reign, gonna’ reign, Till everybody knows, everybody knows, Till everybody knows your name.
From the ghettos of Calcutta, to the halls of Parliament, While the bankers count our money out for every government. Oh, Bitcoin flies on through the skies of virtuality, A promise to deliver us from age-old tyranny.
Oh Bitcoin! As you're going into the old blockchain, Oh Bitcoin! I know you're going to reign, gonna’ reign, Till everybody knows, everybody knows, Till everybody knows your name. Till everybody knows, everybody knows, Till everybody knows your -- "Give me some exposure" -- Everybody knows your name.
Singing, Oh Lord, pass me some more, Oh Lord, before I have to go. Oh Lord, pass me some more, Oh Lord . . . before I have to . . . Go . . .
[instrumental finale] [applause]
John : Oh-ho! Thank you East Nashville! Y’all be good to each other out there, ya’ hear?
John : And I’d like to thank my guest on today’s show, “brainiac” Nick Pudar, who was kind enough to take the time to walk us step-by-step through how to create and use a brain wallet. And I would be remiss in my duties if I did not thank Nick for giving me the name for my new band, “Jupiter Water Balloon”. That’s right, ladies and gentlemen, live in concert this Friday at the Nashville auditorium, “Jupiter Water Balloon.”
And much thanks also to my good friend author Max Hernandez, for sharing with us his newest work of short fiction , “The Song Of Ashok”. Max, we look forward to many more excellent writings about Bitcoin and all related topics. And great news, listeners. Our transcription page is now live on the web site, thanks to the continuing hard work of one of our loyal listeners, who is also a consultant to the show. These professional transcriptions are provided by one of our fans, who can be found at : http://www.diaryofafreelancetranscriptionist.com And, of course, you can find a link to this web site in the weekly show notes.
And if you’ve enjoyed the show, please take a minute to scan my QR code, or copy my public key, and send me $0.50 in Bitcoin. If you’ll do this every once in a while it will help me out more than you know. Folks, it’s not easy being a podcast host, trust me. Putting in 10 hours each week to produce the show sometimes takes its toll. Remember that giving someone a small tip in Bitcoin is what makes Bitcoin folks stand out in this world. I know, personally, that whenever I give a tip to someone on Reddit, or Let’s Talk Bitcoin, or one of the forums, I feel better about myself knowing that I’ve given back just a little to help that person continue creating great content.
And signing off now from East Nashville, Tennessee. I’m your host, John Barrett, here with my dog Maxwell. Say goodbye, Maxwell.
Maxwell : Grr…
John : Join us again next week for another episode of Bitcoins and Gravy, and until then y’all be good to each other out there. And remember, the only thing necessary for the triumph of evil is for good men and women to do nothing. Do something y’all.